Download Amazon S3 Documents from Salesforce

About

This project is a node app that acts as an integration between a Salesforce Org and Amazon S3.

The project is complementary to this integration, which exports Salesforce documents to Amazon S3.

The goal of the integration is to allow Salesforce users to download Amazon S3 documents. The integration leverages OAuth 2.0 to authenticate users and performs security checks on document access.

We download documents from S3 with the following scenario:

  1. A user clicks on a link on the S3 Document record in Salesforce.
  2. The link redirects the user to the middleware app where the user goes through OAuth authentication using their Salesforce credentials. The OAuth flow is implemented thanks to a Salesforce Connected App.
  3. The middleware runs some permission checks. If the user is allowed to access the document, the middleware uses an S3 API client to retrieve the file from Amazon.
  4. The content of the file is then served back to the user. If the user was already logged in with the connected app before the original request in step 1, the document is sent seamlessly as a response (the user will not notice the intermediate steps).

Integration architecture

Installation

Create a Salesforce Connected App

  1. Log in to your Salesforce org.
  2. At the top right of the page, select the gear icon and then click Setup.
  3. From Setup, enter App Manager in the Quick Find and select App Manager.
  4. Click New Connected App.
  5. Enter Amazon S3 Middleware as the Connected App Name.
  6. Enter your Contact Email.
  7. Under API (Enable OAuth Settings), check the Enable OAuth Settings checkbox.
  8. Enter https://YOUR_HOST/auth/callback as the Callback URL where YOUR_HOST is the host of this node app.
  9. Under Selected OAuth Scope, move Access and manage your data (API) to the Selected OAuth Scopes list.
  10. Click Save.
  11. From this screen, copy the connected app’s Consumer Key and Consumer Secret some place temporarily.

Deploy and Configure the Node App

  1. Declare the following environment variables:

    | Variable Name | Description | Example |
    | --- | --- | --- |
    | SF_LOGIN_URL | Salesforce login URL. Either: https://login.salesforce.com for production and Developer Edition orgs; https://login.salesforce.com for sandboxes and scratch orgs; your own custom domain. | https://login.salesforce.com |
    | SF_AUTH_CALLBACK_URL | Connected app callback URL where YOUR_HOST in the example is the host that hosts this app. This value must match what's configured in the Connected App. | https://YOUR_HOST/auth/callback |
    | SF_CONSUMER_KEY | Connected app consumer key. | secret |
    | SF_CONSUMER_SECRET | Connected app consumer secret. | secret |
    | SF_API_VERSION | Salesforce API version. | 54.0 |
    | AWS_ACCESS_KEY_ID | Access key ID for your AWS IAM user. | secret |
    | AWS_SECRET_ACCESS_KEY | Secret access key for your AWS IAM user. | secret |
    | AWS_REGION | Region of your S3 bucket. | eu-west-3 |
    | AWS_S3_BUCKET | Name of your S3 bucket. | poz-sf-demo |
    | SESSION_SECRET | Secret key for signing the session cookie with a length of 32 characters or more. | secret |
    | SESSION_DURATION | Salesforce session duration in minutes (default is 120 minutes). | 120 |

    If you are testing locally, you can create a .env file at the root of the project with this template:

    SF_LOGIN_URL=https://login.salesforce.com
    SF_AUTH_CALLBACK_URL=https://YOUR_HOST/auth/callback
    SF_CONSUMER_KEY=
    SF_CONSUMER_SECRET=
    SF_API_VERSION=54.0
    
    AWS_ACCESS_KEY_ID=
    AWS_SECRET_ACCESS_KEY=
    AWS_REGION=
    AWS_S3_BUCKET=
    
    SESSION_SECRET=
    SESSION_DURATION=120
  2. Run npm start to start the app.
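
One way to fail fast on a misconfigured deployment, as an added example that is not part of this project's code: a startup check over the environment variables listed above. The `validateConfig` function, its rules (HTTPS-only URLs, rejecting the `YOUR_HOST` placeholder, the `/auth/callback` path) and the sample values are assumptions built from the variables table.

```javascript
// Added example; validateConfig and its rules are assumptions, not the project's code.
const REQUIRED = ['SF_LOGIN_URL', 'SF_AUTH_CALLBACK_URL', 'SF_CONSUMER_KEY', 'SF_CONSUMER_SECRET',
  'SF_API_VERSION', 'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_REGION',
  'AWS_S3_BUCKET', 'SESSION_SECRET'];

function parseUrl(value) {
  try { return new URL(value); } catch (e) { return null; }
}

function validateConfig(env) {
  const errors = [];
  for (const name of REQUIRED) {
    if (!env[name] || env[name].trim() === '') errors.push(`${name} is not set`);
  }
  // OAuth codes and tokens cross these URLs, so anything but HTTPS is rejected.
  for (const name of ['SF_LOGIN_URL', 'SF_AUTH_CALLBACK_URL']) {
    const url = parseUrl(env[name] || '');
    if (env[name] && (!url || url.protocol !== 'https:')) errors.push(`${name} must be an https:// URL`);
  }
  const callback = parseUrl(env.SF_AUTH_CALLBACK_URL || '');
  if (callback && callback.hostname.toUpperCase() === 'YOUR_HOST') {
    errors.push('SF_AUTH_CALLBACK_URL still contains the YOUR_HOST placeholder');
  }
  if (callback && callback.pathname !== '/auth/callback') {
    errors.push('SF_AUTH_CALLBACK_URL path must be /auth/callback');
  }
  // The README asks for 32 characters or more for the cookie-signing key.
  if (env.SESSION_SECRET && env.SESSION_SECRET.length < 32) {
    errors.push('SESSION_SECRET must be at least 32 characters');
  }
  // SESSION_DURATION is optional; the README's default is 120 minutes.
  const raw = env.SESSION_DURATION || '120';
  const sessionDurationMinutes = /^[1-9]\d*$/.test(raw) ? Number(raw) : NaN;
  if (Number.isNaN(sessionDurationMinutes)) {
    errors.push('SESSION_DURATION must be a positive whole number of minutes');
  }
  return { ok: errors.length === 0, errors, sessionDurationMinutes };
}

// Constructed sample: the template left half-filled, with made-up values.
const sample = {
  SF_LOGIN_URL: 'http://login.salesforce.com', SF_AUTH_CALLBACK_URL: 'https://YOUR_HOST/auth/callback',
  SF_CONSUMER_KEY: 'key', SF_CONSUMER_SECRET: 'secret', SF_API_VERSION: '54.0',
  AWS_ACCESS_KEY_ID: 'id', AWS_SECRET_ACCESS_KEY: 'secret', AWS_REGION: 'eu-west-3',
  AWS_S3_BUCKET: 'poz-sf-demo', SESSION_SECRET: 'secret', SESSION_DURATION: '2h',
};
console.log(validateConfig(sample).errors);
```

Calling `validateConfig(process.env)` before the server starts listening and exiting on a non-empty `errors` list keeps a short session secret or a leftover placeholder from reaching production.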